Vulnerability-Lookup

RHSA-2026:25561

Vulnerability from csaf_redhat - Published: 2026-06-13 01:24 - Updated: 2026-06-19 03:49

Summary

Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update

Severity

Moderate

Notes

Topic: An update for Red Hat Hardened Images RPMs is now available.

Details: This update includes the following RPMs: nodejs24: * nodejs24-24.16.0-1.hum1 (aarch64, x86_64) * nodejs24-bin-24.16.0-1.hum1 (noarch) * nodejs24-devel-24.16.0-1.hum1 (aarch64, x86_64) * nodejs24-docs-24.16.0-1.hum1 (noarch) * nodejs24-full-i18n-24.16.0-1.hum1 (aarch64, x86_64) * nodejs24-libs-24.16.0-1.hum1 (aarch64, x86_64) * nodejs24-npm-11.13.0-1.24.16.0.1.hum1 (noarch) * nodejs24-npm-bin-24.16.0-1.hum1 (noarch) * v8-13.6-devel-13.6.233.17-1.24.16.0.1.hum1 (aarch64, x86_64) * nodejs24-24.16.0-1.hum1.src (src)

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-9675

A flaw was found in undici. A malicious WebSocket server could exploit this vulnerability by sending fragmented messages that individually meet size limits but collectively exceed them. This can lead to unbounded memory growth in the client process, resulting in memory exhaustion and a denial of service (DoS).

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Fixed 4 products

Product	Version	Remediation
Unresolved product id: Red Hat Hardened Images:nodejs24-main@aarch64	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:nodejs24-main@noarch	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:nodejs24-main@src	—	Vendor Fix fix Workaround
Unresolved product id: Red Hat Hardened Images:nodejs24-main@x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

11 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:25561	self
https://images.redhat.com/	external
https://access.redhat.com/security/cve/CVE-2026-9675	external
https://access.redhat.com/security/updates/classi…	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2026-9675	self
https://bugzilla.redhat.com/show_bug.cgi?id=2489979	external
https://www.cve.org/CVERecord?id=CVE-2026-9675	external
https://nvd.nist.gov/vuln/detail/CVE-2026-9675	external
https://cna.openjsf.org/security-advisories.html	external
https://github.com/nodejs/undici/security/advisor…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for Red Hat Hardened Images RPMs is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This update includes the following RPMs:\n\nnodejs24:\n  * nodejs24-24.16.0-1.hum1 (aarch64, x86_64)\n  * nodejs24-bin-24.16.0-1.hum1 (noarch)\n  * nodejs24-devel-24.16.0-1.hum1 (aarch64, x86_64)\n  * nodejs24-docs-24.16.0-1.hum1 (noarch)\n  * nodejs24-full-i18n-24.16.0-1.hum1 (aarch64, x86_64)\n  * nodejs24-libs-24.16.0-1.hum1 (aarch64, x86_64)\n  * nodejs24-npm-11.13.0-1.24.16.0.1.hum1 (noarch)\n  * nodejs24-npm-bin-24.16.0-1.hum1 (noarch)\n  * v8-13.6-devel-13.6.233.17-1.24.16.0.1.hum1 (aarch64, x86_64)\n  * nodejs24-24.16.0-1.hum1.src (src)",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:25561",
        "url": "https://access.redhat.com/errata/RHSA-2026:25561"
      },
      {
        "category": "external",
        "summary": "https://images.redhat.com/",
        "url": "https://images.redhat.com/"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/cve/CVE-2026-9675",
        "url": "https://access.redhat.com/security/cve/CVE-2026-9675"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/",
        "url": "https://access.redhat.com/security/updates/classification/"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_25561.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat Hardened Images RPMs bug fix and enhancement update",
    "tracking": {
      "current_release_date": "2026-06-19T03:49:36+00:00",
      "generator": {
        "date": "2026-06-19T03:49:36+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.0.0"
        }
      },
      "id": "RHSA-2026:25561",
      "initial_release_date": "2026-06-13T01:24:50+00:00",
      "revision_history": [
        {
          "date": "2026-06-13T01:24:50+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-06-18T11:12:23+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-19T03:49:36+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Hardened Images",
                "product": {
                  "name": "Red Hat Hardened Images",
                  "product_id": "Red Hat Hardened Images",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:hummingbird:1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Hardened Images"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs24-main@aarch64",
                "product": {
                  "name": "nodejs24-main@aarch64",
                  "product_id": "nodejs24-main@aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs24@24.16.0-1.hum1?arch=aarch64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-aarch64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs24-main@src",
                "product": {
                  "name": "nodejs24-main@src",
                  "product_id": "nodejs24-main@src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs24@24.16.0-1.hum1?arch=src\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-source-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs24-main@x86_64",
                "product": {
                  "name": "nodejs24-main@x86_64",
                  "product_id": "nodejs24-main@x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs24@24.16.0-1.hum1?arch=x86_64\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "nodejs24-main@noarch",
                "product": {
                  "name": "nodejs24-main@noarch",
                  "product_id": "nodejs24-main@noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/nodejs24-bin@24.16.0-1.hum1?arch=noarch\u0026distro=hummingbird-20251124\u0026repository_id=public-hummingbird-x86_64-rpms"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs24-main@aarch64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:nodejs24-main@aarch64"
        },
        "product_reference": "nodejs24-main@aarch64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs24-main@noarch as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:nodejs24-main@noarch"
        },
        "product_reference": "nodejs24-main@noarch",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs24-main@src as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:nodejs24-main@src"
        },
        "product_reference": "nodejs24-main@src",
        "relates_to_product_reference": "Red Hat Hardened Images"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nodejs24-main@x86_64 as a component of Red Hat Hardened Images",
          "product_id": "Red Hat Hardened Images:nodejs24-main@x86_64"
        },
        "product_reference": "nodejs24-main@x86_64",
        "relates_to_product_reference": "Red Hat Hardened Images"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-9675",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "discovery_date": "2026-06-17T17:01:41.811903+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2489979"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in undici. A malicious WebSocket server could exploit this vulnerability by sending fragmented messages that individually meet size limits but collectively exceed them. This can lead to unbounded memory growth in the client process, resulting in memory exhaustion and a denial of service (DoS).",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "undici: undici WebSocket client vulnerable to denial of service via cumulative fragment bypass",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This is rated Moderate by Red Hat (CVSS 5.9) because successful exploitation requires the undici WebSocket client to connect to an attacker-controlled server (AC:H), which is unlikely in typical Red Hat product deployments where WebSocket endpoints are trusted internal services. No Red Hat product is affected \u2014 all streams shipping undici bundle versions 5.x through 7.x, which are outside the vulnerable range of 8.0.0 to 8.4.x. The vulnerable code path (unbounded WebSocket frame accumulation) was introduced in undici 8.0.0 and is not present in earlier major versions.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Hardened Images:nodejs24-main@aarch64",
          "Red Hat Hardened Images:nodejs24-main@noarch",
          "Red Hat Hardened Images:nodejs24-main@src",
          "Red Hat Hardened Images:nodejs24-main@x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-9675"
        },
        {
          "category": "external",
          "summary": "RHBZ#2489979",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489979"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-9675",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-9675"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-9675",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-9675"
        },
        {
          "category": "external",
          "summary": "https://cna.openjsf.org/security-advisories.html",
          "url": "https://cna.openjsf.org/security-advisories.html"
        },
        {
          "category": "external",
          "summary": "https://github.com/nodejs/undici/security/advisories/GHSA-38rv-x7px-6hhq",
          "url": "https://github.com/nodejs/undici/security/advisories/GHSA-38rv-x7px-6hhq"
        }
      ],
      "release_date": "2026-06-17T16:20:32.548000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-06-13T01:24:50+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\nhttps://images.redhat.com/",
          "product_ids": [
            "Red Hat Hardened Images:nodejs24-main@aarch64",
            "Red Hat Hardened Images:nodejs24-main@noarch",
            "Red Hat Hardened Images:nodejs24-main@src",
            "Red Hat Hardened Images:nodejs24-main@x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:25561"
        },
        {
          "category": "workaround",
          "details": "Red Hat products that bundle the undici HTTP client ship versions 5.x, 6.x, and 7.x, which do not contain the vulnerable WebSocket frame accumulation code path introduced in undici 8.0.0. No Red Hat product streams are affected by this vulnerability. Users who have manually installed undici 8.x outside of Red Hat-provided packages should upgrade to undici 8.5.0 or later to fully resolve this issue.",
          "product_ids": [
            "Red Hat Hardened Images:nodejs24-main@aarch64",
            "Red Hat Hardened Images:nodejs24-main@noarch",
            "Red Hat Hardened Images:nodejs24-main@src",
            "Red Hat Hardened Images:nodejs24-main@x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "Red Hat Hardened Images:nodejs24-main@aarch64",
            "Red Hat Hardened Images:nodejs24-main@noarch",
            "Red Hat Hardened Images:nodejs24-main@src",
            "Red Hat Hardened Images:nodejs24-main@x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "undici: undici WebSocket client vulnerable to denial of service via cumulative fragment bypass"
    }
  ]
}

CVE-2026-9675 (GCVE-0-2026-9675)

Vulnerability from cvelistv5 – Published: 2026-06-17 16:20 – Updated: 2026-06-17 17:29

Title

undici WebSocket client vulnerable to denial of service via cumulative fragment bypass

Summary

Impact: The undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service. Affected applications are those using the undici WebSocket client (new WebSocket(...)) that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint. This is a regression specific to undici 8.1.0. The 6.25.0 line shipped the equivalent cumulative check from the start and is unaffected. The 7.x line never had the maxPayloadSize feature and is also unaffected. Patches: Upgrade to undici >= 8.5.0. Workarounds: No workaround is available. The fix must be applied through an upgrade.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-400 - Uncontrolled Resource Consumption
CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

openjs

References

2 references

URL	Tags
https://github.com/nodejs/undici/security/advisor…
https://cna.openjsf.org/security-advisories.html

Impacted products

1 product

Vendor	Product	Version
undici	undici	Affected: 8.0.0 , < 8.5.0 (semver) Unaffected: 8.5.0 (semver)

Credits

mauriceng98 Str1ckl4nd mcollina UlisesGascon lzhou1110 Zyy0530

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9675",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-17T17:29:24.751635Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-17T17:29:42.926Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageURL": "pkg:npm/undici",
          "product": "undici",
          "vendor": "undici",
          "versions": [
            {
              "lessThan": "8.5.0",
              "status": "affected",
              "version": "8.0.0",
              "versionType": "semver"
            },
            {
              "status": "unaffected",
              "version": "8.5.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "mauriceng98"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Str1ckl4nd"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "mcollina"
        },
        {
          "lang": "en",
          "type": "remediation reviewer",
          "value": "UlisesGascon"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "lzhou1110"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Zyy0530"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Impact:\nThe undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\n\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\n\nThis is a regression specific to undici 8.1.0. The 6.25.0 line shipped the equivalent cumulative check from the start and is unaffected. The 7.x line never had the maxPayloadSize feature and is also unaffected.\n\nPatches:\nUpgrade to undici \u003e= 8.5.0.\n\nWorkarounds:\nNo workaround is available. The fix must be applied through an upgrade."
            }
          ],
          "value": "Impact:\nThe undici WebSocket client enforces maxPayloadSize per-frame but does not enforce the cumulative size of fragmented uncompressed messages. A malicious WebSocket server can stream many small fragments that each pass per-frame validation but collectively exceed the configured limit, causing unbounded memory growth in the client process. The result is memory exhaustion and a denial of service.\n\nAffected applications are those using the undici WebSocket client (new WebSocket(...)) that can be induced to connect to an attacker-controlled or compromised WebSocket endpoint.\n\nThis is a regression specific to undici 8.1.0. The 6.25.0 line shipped the equivalent cumulative check from the start and is unaffected. The 7.x line never had the maxPayloadSize feature and is also unaffected.\n\nPatches:\nUpgrade to undici \u003e= 8.5.0.\n\nWorkarounds:\nNo workaround is available. The fix must be applied through an upgrade."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400: Uncontrolled Resource Consumption",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-17T16:20:32.548Z",
        "orgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
        "shortName": "openjs"
      },
      "references": [
        {
          "url": "https://github.com/nodejs/undici/security/advisories/GHSA-38rv-x7px-6hhq"
        },
        {
          "url": "https://cna.openjsf.org/security-advisories.html"
        }
      ],
      "title": "undici WebSocket client vulnerable to denial of service via cumulative fragment bypass",
      "x_generator": {
        "engine": "cve-kit 1.0.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ce714d77-add3-4f53-aff5-83d477b104bb",
    "assignerShortName": "openjs",
    "cveId": "CVE-2026-9675",
    "datePublished": "2026-06-17T16:20:32.548Z",
    "dateReserved": "2026-05-27T07:10:38.904Z",
    "dateUpdated": "2026-06-17T17:29:42.926Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:25561

CVE-2026-9675 (GCVE-0-2026-9675)

Tags

Sightings

Nomenclature